Search

Search Results (366186 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2895 1 Idera 1 Uptime Infrastructure Monitor 2025-04-12 N/A
Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input.
CVE-2015-2896 1 Idera 1 Uptime Infrastructure Monitor 2025-04-12 N/A
The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.
CVE-2015-2897 1 Sierrawireless 6 Airlink Es440, Airlink Es450, Airlink Gx440 and 3 more 2025-04-12 N/A
Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.
CVE-2015-2898 1 Medicomp 1 Medcin Engine 2025-04-12 N/A
Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx na_setgroupsequenceex function, (2) the FormatDate julptostr function, and (3) the UserFindingCodes addtocl function.
CVE-2015-2899 1 Medicomp 1 Medcin Engine 2025-04-12 N/A
Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list name in a packet on port 8190.
CVE-2015-2900 1 Medicomp 1 Medcin Engine 2025-04-12 N/A
The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted packet on port 8190.
CVE-2015-2901 1 Medicomp 1 Medcin Engine 2025-04-12 N/A
Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty info_getproperty function and (2) the GetProperty UdfCodeList function.
CVE-2015-2902 1 Hp 1 Arcsight Smartconnectors 2025-04-12 N/A
HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.
CVE-2015-2903 1 Hp 1 Arcsight Smartconnectors 2025-04-12 N/A
The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.
CVE-2015-2904 1 Actiontec 2 Ncs01 Firmware, Gt784wn Wireless N Dsl Modem 2025-04-12 N/A
Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface.
CVE-2015-2905 1 Actiontec 2 Ncs01 Firmware, Gt784wn Wireless N Dsl Modem 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users.
CVE-2015-2906 1 Mobile Devices 1 C4 Obd-ii Dongle Firmware 2025-04-12 N/A
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation.
CVE-2015-2907 1 Mobile Devices 1 C4 Obd-ii Dongle Firmware 2025-04-12 N/A
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.
CVE-2015-2876 2 Lacie, Seagate 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more 2025-04-12 N/A
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
CVE-2015-2875 2 Lacie, Seagate 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more 2025-04-12 N/A
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
CVE-2015-2874 2 Lacie, Seagate 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more 2025-04-12 N/A
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
CVE-2015-2873 1 Trendmicro 1 Deep Discovery Inspector 2025-04-12 N/A
Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.
CVE-2015-2872 1 Trendmicro 1 Deep Discovery Inspector 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.
CVE-2015-2871 1 Chiyu 1 Bf-660c 2025-04-12 N/A
Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618.
CVE-2015-2870 1 Chiyutw 3 Bf-630, Bf-630w, Bf-660c 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element.